Entra ID - Device registration - Require MFA

robcool 116 Reputation points

Hi There,

I have conditional access policies for enforcing MFA during device registration with Entra Id. The policy is currently in report-only mode and during the monitoring phase, it didnt show up any user hits or impact.

Keen to know what all can be the possible reasons for this behaviour. Is it because the devices are auto registered ?

Appreciate any pointers.


Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,081 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Navya 5,325 Reputation points Microsoft Vendor

    Hi @robcool

    Thank you for posting this in Microsoft Q&A.

    Report-only mode is a feature in Entra Conditional Access that allows administrators to evaluate the impact of Conditional Access policies before enabling them in their environment. When a policy is in report-only mode, it is evaluated during sign-in, but the policy is not enforced. Instead, the results of the policy evaluation are logged in the Conditional Access and Report-only tabs of the Sign-in log details. Report-only mode is useful for testing and evaluating the impact of Conditional Access policies before enforcing them in your environment. It allows you to identify any potential issues or conflicts that may arise when the policy is enforced, without actually impacting end-users.

    For more information: Conditional Access report-only mode

    In order to enforce MFA during device registration with Entra Id, conditional access policies need to be enabled. Make sure to select the "ON" option under Enable policy. After enabling the policy, it will work as you configured it in the CA policy.

    Reference: https://learn.microsoft.com/en-us/mem/intune/protect/create-conditional-access-intune

    Hope this helps. Do let us know if you any further queries



    If the answer is helpful, please click "Accept Answer" and kindly "upvote" it.

    0 comments No comments